36507 matches found
CVE-2026-39628
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-39626
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...
CVE-2026-5973
A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...
org.apache.avro/avro: Apache Avro Java SDK: Code injection on Java generated code
A code injection flaw has been discovered in Apache Avro. This vulnerability manifests when generating specific records from untrusted Avro schemas...
Exploit for Code Injection in Langflow
No d...
Arbitrary Code Injection
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /admin/tinymce/uplo...
Arbitrary Code Injection
Overview @openai/codex is a OpenAI Codex CLI Lightweight coding agent that runs in your terminal Affected versions of this package are vulnerable to Arbitrary Code Injection via the automatic loading of .env and .codex/config.toml files when executing the CLI in a compromised repository. An...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK [CVE-2025-14009]
Summary IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK, due to an issue in in the NLTK downloader component of nltk/nltk that causes the unzipiter function in nltk/downloader.py to fail to perform path validation or security checks CVE-2025-14009. NLTK is used in our...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.3 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
org.apache.avro/avro: Apache Avro Java SDK: Code injection on Java generated code
A code injection flaw has been discovered in Apache Avro. This vulnerability manifests when generating specific records from untrusted Avro schemas...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several SAP products, including SAP Supplier Relationship Management, SAP BusinessObjects Business Intelligence Platform, SAP NetWeaver Application Server Java and ABAP, SAP Landscape Transformation, SAP Business Planning and Consolidation, SAP Business Warehouse,...
CVE-2026-27675
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
CVE-2026-27674
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
CVE-2026-27675
CVE-2026-27675 affects SAP Landscape Transformation via an RFC-exposed function module that could allow a high-privilege attacker to inject arbitrary ABAP code and operating-system commands. The described impact is limited: confidentiality and availability are unaffected, while integrity could be...
CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
EUVD-2026-22147
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
CVE-2026-27675
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...
CVE-2026-27674 Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java)
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...
EUVD-2026-22146
Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...